Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A computer-implemented method for executing a native code module, comprising: obtaining the native code module in a computing system; validating, by the computing system, the native code module, by performing operations that include: identifying each branch instruction and each store instruction in the native code module that has a respective computed destination address, comparing the respective computed destination addresses of the identified branch instructions and store instructions with a predetermined address constraint, setting, as a result of the comparing, one or more processor condition codes that indicate whether a validation condition is satisfied, and verifying that each of the identified branch instructions and store instructions is a predicated instruction that is executed only if the validation condition indicated by the one or more processor condition codes is satisfied; and in response to validating the native code module, executing the native code module in a secure runtime environment of the computing system.
A computer system protects itself when running potentially untrusted native code (like from a web browser). It checks the code before running it, specifically looking at every "branch" instruction (which changes the flow of the program) and every "store" instruction (which writes data to memory). It makes sure that the location each of these instructions will jump to or write to is within allowed boundaries. The code uses processor condition codes to indicate whether the address is valid. Finally, the system only runs these branch or store instructions *if* the address is valid, based on these condition codes. This helps prevent the untrusted code from jumping to or writing to unauthorized memory areas.
2. The computer-implemented method of claim 1, wherein the secure runtime environment is for an Advanced Reduced Instruction Set Computing (RISC) Machine (ARM) instruction set architecture.
This is the method of claim 1, in which a computer system protects itself when running potentially untrusted native code (like from a web browser) by checking branch and store instructions before running them, making sure their destination addresses are within allowed boundaries, setting processor condition codes to indicate validity, and only running the instructions if the address is valid. Here the method specifically targets systems using the Advanced RISC Machine (ARM) architecture. This means the security measures are tailored to how ARM processors handle instructions and memory.
3. The computer-implemented method of claim 1, wherein comparing the respective computed destination addresses with the predetermined address constraint includes using a comparison instruction that logically compares a mask value with the computed destination address to determine whether or not the computed destination address satisfies the predetermined address constraint.
This is the method of claim 1, in which a computer system protects itself when running potentially untrusted native code (like from a web browser) by checking branch and store instructions before running them, making sure their destination addresses are within allowed boundaries, setting processor condition codes to indicate validity, and only running the instructions if the address is valid. Here the check uses a comparison instruction. This instruction compares a special "mask" value with the calculated destination address. The comparison determines if the destination address is within the permitted range specified by the mask. This acts like a filter, allowing only valid addresses to pass through.
4. The computer-implemented method of claim 3, wherein the comparison instruction comprises a notational-and instruction that logically compares a first set of bits from a mask condition with a second set of bits from the computed destination address.
This is the method of claim 3, in which a computer system protects itself when running potentially untrusted native code (like from a web browser) by checking branch and store instructions before running them, making sure their destination addresses are within allowed boundaries, setting processor condition codes to indicate validity, and only running the instructions if the address is valid, using a comparison instruction that logically compares a mask value with the computed destination address to determine whether or not the computed destination address satisfies the predetermined address constraint. Here the comparison instruction is a "notational-and" instruction. This instruction takes a set of bits from the mask and compares them with a corresponding set of bits from the calculated destination address. This bitwise comparison helps determine if the destination is valid.
5. The computer-implemented method of claim 4, wherein the one or more processor condition codes comprise a zero flag that is set if the notational-and instruction returns a set of zero bits.
This is the method of claim 4, in which a computer system protects itself when running potentially untrusted native code (like from a web browser) by checking branch and store instructions before running them, making sure their destination addresses are within allowed boundaries, setting processor condition codes to indicate validity using a "notational-and" instruction that logically compares a first set of bits from a mask condition with a second set of bits from the computed destination address, and only running the instructions if the address is valid. Here one of the processor condition codes is a "zero flag". This flag is set to "true" (meaning the result is zero) if the "notational-and" comparison results in all bits being zero.
6. The computer-implemented method of claim 5, wherein the predicated instruction is executed if the zero flag is set, and wherein the predicated instruction is skipped if the zero flag is cleared.
This is the method of claim 5, in which a computer system protects itself when running potentially untrusted native code (like from a web browser) by checking branch and store instructions before running them, making sure their destination addresses are within allowed boundaries, setting processor condition codes to indicate validity using a zero flag that is set if a notational-and instruction returns a set of zero bits, and only running the instructions if the address is valid. Here a store or branch instruction is executed only if the zero flag is set (meaning the destination address is considered valid). If the zero flag is cleared (meaning the destination address is invalid), the instruction is skipped, preventing unauthorized memory access or code execution.
7. A system for executing a native code module, comprising: a web browser configured to obtain the native code module; a validator configured to validate the native code module by: identifying each branch instruction and each store instruction in the native code module that has a respective computed destination address, comparing the respective computed destination addresses of the identified branch instructions and store instructions with a predetermined address constraint, setting, as a result of the comparing, one or more processor condition codes that indicate whether a validation condition is satisfied, and verifying that each of the identified branch instructions and store instructions is a predicated instruction that is executed only if the validation condition indicated by the one or more processor condition codes is satisfied; and a secure runtime environment associated with the web browser, wherein the secure runtime environment is configured to execute the native code module in response to the native code module having been validated.
A computer system protects itself when running potentially untrusted native code (like from a web browser). The web browser obtains the native code. A "validator" component checks the code before running it, specifically looking at every "branch" instruction (which changes the flow of the program) and every "store" instruction (which writes data to memory). It makes sure that the location each of these instructions will jump to or write to is within allowed boundaries. The code uses processor condition codes to indicate whether the address is valid. Finally, the system only runs these branch or store instructions *if* the address is valid, based on these condition codes, in a secure runtime environment. This helps prevent the untrusted code from jumping to or writing to unauthorized memory areas.
8. The system of claim 7, wherein the secure runtime environment is for an Advanced Reduced Instruction Set Computing (RISC) Machine (ARM) instruction set architecture.
This is the system of claim 7, in which a computer system protects itself when running potentially untrusted native code (like from a web browser) by checking branch and store instructions before running them, making sure their destination addresses are within allowed boundaries, setting processor condition codes to indicate validity, and only running the instructions if the address is valid. Here the system specifically targets the Advanced RISC Machine (ARM) architecture. This means the secure runtime environment is for an ARM instruction set.
9. The system of claim 7, wherein comparing the respective computed destination addresses with the predetermined address constraint includes using a comparison instruction that logically compares a mask value with the computed destination address to determine whether or not the computed destination address satisfies the predetermined address constraint.
This is the system of claim 7, in which a computer system protects itself when running potentially untrusted native code (like from a web browser) by checking branch and store instructions before running them, making sure their destination addresses are within allowed boundaries, setting processor condition codes to indicate validity, and only running the instructions if the address is valid. Here the check uses a comparison instruction. This instruction compares a special "mask" value with the calculated destination address. The comparison determines if the destination address is within the permitted range specified by the mask. This acts like a filter, allowing only valid addresses to pass through.
10. The system of claim 9, wherein the comparison instruction comprises a notational-and instruction that logically compares a first set of bits from a mask condition with a second set of bits from the computed destination address.
This is the system of claim 9, in which a computer system protects itself when running potentially untrusted native code (like from a web browser) by checking branch and store instructions before running them, making sure their destination addresses are within allowed boundaries, setting processor condition codes to indicate validity, and only running the instructions if the address is valid, using a comparison instruction that logically compares a mask value with the computed destination address to determine whether or not the computed destination address satisfies the predetermined address constraint. Here the comparison instruction is a "notational-and" instruction. This instruction takes a set of bits from the mask and compares them with a corresponding set of bits from the calculated destination address. This bitwise comparison helps determine if the destination is valid.
11. The system of claim 10, wherein the one or more processor condition codes comprise a zero flag that is set if the notational-and instruction returns a set of zero bits.
This is the system of claim 10, in which a computer system protects itself when running potentially untrusted native code (like from a web browser) by checking branch and store instructions before running them, making sure their destination addresses are within allowed boundaries, setting processor condition codes to indicate validity using a "notational-and" instruction that logically compares a first set of bits from a mask condition with a second set of bits from the computed destination address, and only running the instructions if the address is valid. Here one of the processor condition codes is a "zero flag". This flag is set to "true" (meaning the result is zero) if the "notational-and" comparison results in all bits being zero.
12. The system of claim 11, wherein the predicated instruction is executed if the zero flag is set, and wherein the predicated instruction is skipped if the zero flag is cleared.
This is the system of claim 11, in which a computer system protects itself when running potentially untrusted native code (like from a web browser) by checking branch and store instructions before running them, making sure their destination addresses are within allowed boundaries, setting processor condition codes to indicate validity using a zero flag that is set if a notational-and instruction returns a set of zero bits, and only running the instructions if the address is valid. Here a store or branch instruction is executed only if the zero flag is set (meaning the destination address is considered valid). If the zero flag is cleared (meaning the destination address is invalid), the instruction is skipped, preventing unauthorized memory access or code execution.
13. A non-transitory computer-readable storage medium storing instructions that when executed by one or more processors cause performance of operations for executing a native code module, the operations comprising: obtaining the native code module in a computing system; validating, by the computing system, the native code module, by performing operations that include: identifying each branch instruction and each store instruction in the native code module that has a respective computed destination address, comparing the respective computed destination addresses of the identified branch instructions and store instructions with a predetermined address constraint, setting, as a result of the comparing, one or more processor condition codes that indicate whether a validation condition is satisfied, and verifying that each of the identified branch instructions and store instructions is a predicated instruction that is executed only if the validation condition indicated by the one or more processor condition codes is satisfied; and in response to validating the native code module, executing the native code module in a secure runtime environment of the computing system.
A computer-readable storage medium (like a hard drive or memory stick) stores instructions that, when a computer runs them, protect the system when running potentially untrusted native code (like from a web browser). The code checks the native code before running it, specifically looking at every "branch" instruction (which changes the flow of the program) and every "store" instruction (which writes data to memory). It makes sure that the location each of these instructions will jump to or write to is within allowed boundaries. The code uses processor condition codes to indicate whether the address is valid. Finally, the system only runs these branch or store instructions *if* the address is valid, based on these condition codes, in a secure runtime environment. This helps prevent the untrusted code from jumping to or writing to unauthorized memory areas.
14. The computer-readable storage medium of claim 13, wherein the secure runtime environment is for an Advanced Reduced Instruction Set Computing (RISC) Machine (ARM) instruction set architecture.
This is the computer-readable storage medium of claim 13, whose instructions let a computer system protect itself when running potentially untrusted native code (like from a web browser) by checking branch and store instructions before running them, making sure their destination addresses are within allowed boundaries, setting processor condition codes to indicate validity, and only running the instructions if the address is valid. Here it specifically targets systems using the Advanced RISC Machine (ARM) architecture. This means the secure runtime environment is for an ARM instruction set.
15. The computer-readable storage medium of claim 13, wherein comparing the respective computed destination addresses with the predetermined address constraint includes using a comparison instruction that logically compares a mask value with the computed destination address to determine whether or not the computed destination address satisfies the predetermined address constraint.
This is the computer-readable storage medium of claim 13, whose instructions let a computer system protect itself when running potentially untrusted native code (like from a web browser) by checking branch and store instructions before running them, making sure their destination addresses are within allowed boundaries, setting processor condition codes to indicate validity, and only running the instructions if the address is valid. Here the check uses a comparison instruction. This instruction compares a special "mask" value with the calculated destination address. The comparison determines if the destination address is within the permitted range specified by the mask. This acts like a filter, allowing only valid addresses to pass through.
16. The computer-readable storage medium of claim 15, wherein the comparison instruction comprises a notational-and instruction that logically compares a first set of bits from a mask condition with a second set of bits from the computed destination address.
This is the computer-readable storage medium of claim 15, whose instructions let a computer system protect itself when running potentially untrusted native code (like from a web browser) by checking branch and store instructions before running them, making sure their destination addresses are within allowed boundaries, setting processor condition codes to indicate validity, and only running the instructions if the address is valid, using a comparison instruction that logically compares a mask value with the computed destination address to determine whether or not the computed destination address satisfies the predetermined address constraint. Here the comparison instruction is a "notational-and" instruction. This instruction takes a set of bits from the mask and compares them with a corresponding set of bits from the calculated destination address. This bitwise comparison helps determine if the destination is valid.
17. The computer-readable storage medium of claim 16, wherein the one or more processor condition codes comprise a zero flag that is set if the notational-and instruction returns a set of zero bits.
This is the computer-readable storage medium of claim 16, whose instructions let a computer system protect itself when running potentially untrusted native code (like from a web browser) by checking branch and store instructions before running them, making sure their destination addresses are within allowed boundaries, setting processor condition codes to indicate validity using a "notational-and" instruction that logically compares a first set of bits from a mask condition with a second set of bits from the computed destination address, and only running the instructions if the address is valid. Here one of the processor condition codes is a "zero flag". This flag is set to "true" (meaning the result is zero) if the "notational-and" comparison results in all bits being zero.
18. The computer-readable storage medium of claim 17, wherein the predicated instruction is executed if the zero flag is set, and wherein the predicated instruction is skipped if the zero flag is cleared.
This is the computer-readable storage medium of claim 17, whose instructions let a computer system protect itself when running potentially untrusted native code (like from a web browser) by checking branch and store instructions before running them, making sure their destination addresses are within allowed boundaries, setting processor condition codes to indicate validity using a zero flag that is set if a notational-and instruction returns a set of zero bits, and only running the instructions if the address is valid. Here a store or branch instruction is executed only if the zero flag is set (meaning the destination address is considered valid). If the zero flag is cleared (meaning the destination address is invalid), the instruction is skipped, preventing unauthorized memory access or code execution.
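As an added illustration (not taken from the patent or from this page), the C sketch below models the check described in claims 1 and 3 to 6: a validator that accepts a module only if every computed store or branch is predicated on a preceding mask test, and a small runtime model showing that accepted code cannot reach an out-of-range address. The instruction model, the mask value 0xC0000000 and all names are assumptions made for the example, as is the premise that control cannot jump in between a test and the instruction it guards.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Simplified instruction model, constructed for this example (not ARM encodings). */
enum op   { OP_OTHER, OP_TST, OP_STORE, OP_BRANCH_REG };
enum cond { COND_AL, COND_EQ };  /* AL: always; EQ: only if the zero flag is set */
struct insn {
    enum op   op;
    enum cond cond;
    int       reg;   /* register holding the computed destination address */
    uint32_t  imm;   /* OP_TST only: mask ANDed with the register */
};
/* Assumed address constraint: the top two address bits must be clear. */
#define FORBIDDEN_BITS 0xC0000000u

/* Static validation: -1 if every computed store/branch is EQ-predicated and directly
 * preceded by an unconditional TST of the same register; else the offending index. */
int validate(const struct insn *code, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (code[i].op != OP_STORE && code[i].op != OP_BRANCH_REG)
            continue;
        if (code[i].cond != COND_EQ || i == 0)
            return (int)i;
        const struct insn *g = &code[i - 1];
        if (g->op != OP_TST || g->cond != COND_AL ||
            g->reg != code[i].reg || g->imm != FORBIDDEN_BITS)
            return (int)i;
    }
    return -1;
}

/* Runtime model: counts computed stores/branches that execute out of range. */
int run_escapes(const struct insn *code, size_t n, const uint32_t *regs)
{
    int zero_flag = 0, escapes = 0;
    for (size_t i = 0; i < n; i++) {
        if (code[i].cond == COND_EQ && !zero_flag)
            continue;                       /* predicated instruction skipped */
        if (code[i].op == OP_TST)
            zero_flag = (regs[code[i].reg] & code[i].imm) == 0;
        else if ((code[i].op == OP_STORE || code[i].op == OP_BRANCH_REG) &&
                 (regs[code[i].reg] & FORBIDDEN_BITS) != 0)
            escapes++;
    }
    return escapes;
}

/* Constructed sample input: r0 holds an in-range address, r1 an out-of-range one. */
static const uint32_t SAMPLE_REGS[2] = { 0x00001000u, 0xC0001000u };
static const struct insn GOOD[] = {
    { OP_TST, COND_AL, 0, FORBIDDEN_BITS }, { OP_STORE,      COND_EQ, 0, 0 },
    { OP_TST, COND_AL, 1, FORBIDDEN_BITS }, { OP_BRANCH_REG, COND_EQ, 1, 0 },
};
static const struct insn UNGUARDED[] = { { OP_STORE, COND_AL, 1, 0 } };
static const struct insn WRONG_REG[] = {
    { OP_TST, COND_AL, 0, FORBIDDEN_BITS }, { OP_STORE, COND_EQ, 1, 0 },
};

int main(void)
{
    printf("GOOD: validate=%d escapes=%d\n", validate(GOOD, 4), run_escapes(GOOD, 4, SAMPLE_REGS));
    printf("WRONG_REG: validate=%d escapes=%d\n", validate(WRONG_REG, 2), run_escapes(WRONG_REG, 2, SAMPLE_REGS));
    return 0;
}
```

The WRONG_REG module shows why the validator must tie the test to the same register the store uses: the store is predicated, yet it still escapes because the flag was computed from a different address.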
August 26, 2014